Automated IT Audit of Windows Server Access Control
© 2019 Global IT Research Institute (GIRI). To protect sensitive information of an organization, we need to have proper access controls since several data breach incidents were happened because of broken access controls. Normally, the IT auditing process would be used to identify security weaknesses...
Saved in:
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Published: |
2020
|
| Subjects: | |
| Online Access: | https://repository.li.mahidol.ac.th/handle/123456789/50850 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Mahidol University |
| id |
th-mahidol.50850 |
|---|---|
| record_format |
dspace |
| spelling |
th-mahidol.508502020-01-27T15:36:13Z Automated IT Audit of Windows Server Access Control Sutthinee Pongsrisomchai Sudsanguan Ngamsuriyaroj Mahidol University Engineering © 2019 Global IT Research Institute (GIRI). To protect sensitive information of an organization, we need to have proper access controls since several data breach incidents were happened because of broken access controls. Normally, the IT auditing process would be used to identify security weaknesses and should be able to detect any potential access control violations in advance. However, most auditing processes are done manually and not performed consistently since lots of resources are required; thus, the auditing is performed for quality assurance purposes only. This paper proposes an automated process to audit the access controls on the Windows server operating system. We define the audit checklist and use the controls defined in ISO/IEC 27002:2013 as a guideline for identifying audit objectives. In addition, an automated audit tool is developed for checking security controls against defined security policies. The results of auditing are the list of automatically generated passed and failed policies. If the auditing is done consistently and automatically, the intrusion incidents could be detected earlier and essential damages could be prevented. Eventually, it would help increase the reliability of the system. 2020-01-27T08:36:13Z 2020-01-27T08:36:13Z 2019-04-29 Conference Paper International Conference on Advanced Communication Technology, ICACT. Vol.2019-February, (2019), 539-544 10.23919/ICACT.2019.8701931 17389445 2-s2.0-85065666524 https://repository.li.mahidol.ac.th/handle/123456789/50850 Mahidol University SCOPUS https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=85065666524&origin=inward |
| institution |
Mahidol University |
| building |
Mahidol University Library |
| continent |
Asia |
| country |
Thailand Thailand |
| content_provider |
Mahidol University Library |
| collection |
Mahidol University Institutional Repository |
| topic |
Engineering |
| spellingShingle |
Engineering Sutthinee Pongsrisomchai Sudsanguan Ngamsuriyaroj Automated IT Audit of Windows Server Access Control |
| description |
© 2019 Global IT Research Institute (GIRI). To protect sensitive information of an organization, we need to have proper access controls since several data breach incidents were happened because of broken access controls. Normally, the IT auditing process would be used to identify security weaknesses and should be able to detect any potential access control violations in advance. However, most auditing processes are done manually and not performed consistently since lots of resources are required; thus, the auditing is performed for quality assurance purposes only. This paper proposes an automated process to audit the access controls on the Windows server operating system. We define the audit checklist and use the controls defined in ISO/IEC 27002:2013 as a guideline for identifying audit objectives. In addition, an automated audit tool is developed for checking security controls against defined security policies. The results of auditing are the list of automatically generated passed and failed policies. If the auditing is done consistently and automatically, the intrusion incidents could be detected earlier and essential damages could be prevented. Eventually, it would help increase the reliability of the system. |
| author2 |
Mahidol University |
| author_facet |
Mahidol University Sutthinee Pongsrisomchai Sudsanguan Ngamsuriyaroj |
| format |
Conference or Workshop Item |
| author |
Sutthinee Pongsrisomchai Sudsanguan Ngamsuriyaroj |
| author_sort |
Sutthinee Pongsrisomchai |
| title |
Automated IT Audit of Windows Server Access Control |
| title_short |
Automated IT Audit of Windows Server Access Control |
| title_full |
Automated IT Audit of Windows Server Access Control |
| title_fullStr |
Automated IT Audit of Windows Server Access Control |
| title_full_unstemmed |
Automated IT Audit of Windows Server Access Control |
| title_sort |
automated it audit of windows server access control |
| publishDate |
2020 |
| url |
https://repository.li.mahidol.ac.th/handle/123456789/50850 |
| _version_ |
1763492447252381696 |